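# Builds the front end for every push and pull request targeting main.
# The steps that stop the service, replace /opt/immersive, write the
# environment file and restart the service run only for pushes to main.
name: Build and Deploy

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege for GITHUB_TOKEN: the job only needs to read the repository.
permissions:
  contents: read

jobs:
  build:
    # NOTE(review): linux_amd64 is not a GitHub-hosted runner label, so this
    # presumably selects a self-hosted runner that is also the deployment
    # host. Pull-request code (npm ci / npm run build) still executes on that
    # host with the runner account's privileges; confirm that workflows from
    # fork pull requests require approval, or move PR builds to an isolated
    # runner.
    runs-on: linux_amd64
    timeout-minutes: 15
    steps:
      - name: Checkout code
        # NOTE(review): consider pinning this action to a full commit SHA.
        uses: actions/checkout@v4
        with:
          # The workspace (including .git) is copied to /opt/immersive below,
          # so do not leave the job token stored in .git/config.
          persist-credentials: false

      - name: Install dependencies
        run: npm ci
        timeout-minutes: 5

      - name: Build Front End
        run: npm run build
        timeout-minutes: 10
        env:
          NODE_OPTIONS: '--max-old-space-size=4096'
          # NOTE(review): VITE_-prefixed variables are normally inlined into
          # the client bundle by Vite; keep only public identifiers here.
          VITE_AUTH0_CLIENTID: ${{ secrets.VITE_AUTH0_CLIENTID }}
          VITE_AUTH0_DOMAIN: ${{ secrets.VITE_AUTH0_DOMAIN }}

      # Everything below changes the running installation, so it is skipped
      # for pull_request events: a PR must never stop or overwrite the service.
      - name: Stop Service
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        run: |
          sudo rc-service immersive stop || true

      - name: Deploy to /opt/immersive
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        run: |
          # Ensure group write so we can delete old files
          sudo chmod -R g+w /opt/immersive || true

          # Remove old files except data directory and env file
          find /opt/immersive -mindepth 1 -maxdepth 1 ! -name 'data' ! -name '.env.production' -exec rm -rf {} +

          # Copy built files to target
          cp -r . /opt/immersive/

          # Remove unnecessary directories
          rm -rf /opt/immersive/.git /opt/immersive/.github

          # Set permissions on start.sh and ensure group write for future deploys
          chmod +x /opt/immersive/start.sh
          sudo chmod -R g+w /opt/immersive

          # Set ownership to immersive user
          sudo chown -R immersive:immersive /opt/immersive

      - name: Create Environment File
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        env:
          # Secrets are passed as environment variables rather than expanded
          # into the script text, so their values are never parsed as shell.
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
        run: |
          # If the file does not exist yet, create it without group/other
          # access so the secrets are not readable before the chmod below.
          umask 077

          # Create .env.production with secrets (only accessible by immersive user)
          {
            printf '%s\n' "# Auto-generated by CI/CD - Do not edit manually"
            printf '%s\n' "ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}"
            printf '%s\n' "CLOUDFLARE_ACCOUNT_ID=${CLOUDFLARE_ACCOUNT_ID}"
            printf '%s\n' "CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN}"
          } > /opt/immersive/.env.production

          # Secure the environment file
          sudo chown immersive:immersive /opt/immersive/.env.production
          sudo chmod 600 /opt/immersive/.env.production

      - name: Start Service
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        run: |
          sudo rc-service immersive start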